ahmido/TenantAtlas
1
0
Fork 0
Code Issues Pull Requests 1 Actions Packages Projects 1 Releases Wiki Activity
9f6985291e
TenantAtlas/apps/platform/tests/Feature/AdminConsentCallbackTest.php
ahmido 1655cc481e Spec 188: canonical provider connection state cleanup (#219) 
## Summary
- migrate provider connections to the canonical three-dimension state model: lifecycle via `is_enabled`, consent via `consent_status`, and verification via `verification_status`
- remove legacy provider status and health badge paths, update admin and system directory surfaces, and align onboarding, consent callback, verification, resolver, and mutation flows with the new model
- add the Spec 188 artifact set, schema migrations, guard coverage, and expanded provider-state tests across admin, system, onboarding, verification, and rendering paths

## Verification
- `cd apps/platform && ./vendor/bin/sail bin pint --dirty --format agent`
- `cd apps/platform && ./vendor/bin/sail artisan test --compact tests/Feature/Auth/SystemPanelAuthTest.php tests/Feature/Filament/TenantGlobalSearchLifecycleScopeTest.php tests/Feature/ProviderConnections/ProviderConnectionEnableDisableTest.php tests/Feature/ProviderConnections/ProviderConnectionTruthCleanupSpec179Test.php`
- integrated browser smoke: validated admin provider list/detail/edit, tenant provider summary, system directory tenant detail, provider-connection search exclusion, and cleaned up the temporary smoke record afterward

## Filament / implementation notes
- Livewire v4.0+ compliance: preserved; this change targets Filament v5 on Livewire v4 and does not introduce older APIs
- Provider registration location: unchanged; Laravel 11+ panel providers remain registered in `bootstrap/providers.php`
- Globally searchable resources: `ProviderConnectionResource` remains intentionally excluded from global search; tenant global search remains enabled and continues to resolve to view pages
- Destructive actions: no new destructive action surface was introduced without confirmation or authorization; existing capability checks continue to gate provider mutations
- Asset strategy: unchanged; no new Filament assets were added, so deploy behavior for `php artisan filament:assets` remains unchanged
- Testing plan covered: system auth, tenant global search, provider lifecycle enable/disable behavior, and provider truth cleanup cutover behavior

Co-authored-by: Ahmed Darrazi <ahmed.darrazi@live.de>
Reviewed-on: #219
2026-04-10 11:22:56 +00:00

124 lines
4.3 KiB
PHP
Raw Blame History

<?php
use App\Models\ProviderConnection;
use App\Models\Tenant;
use App\Models\Workspace;
use App\Support\Providers\ProviderReasonCodes;
use Illuminate\Foundation\Testing\RefreshDatabase;
uses(RefreshDatabase::class);
it('stores successful admin consent on provider connection canonical state', function () {
$tenant = Tenant::factory()->create([
'tenant_id' => 'tenant-1',
'name' => 'Contoso',
]);
$response = $this->get(route('admin.consent.callback', [
'tenant' => $tenant->tenant_id,
'admin_consent' => 'true',
]));
$response->assertOk();
$response->assertSee(
route('filament.admin.resources.tenants.view', ['tenant' => $tenant->external_id, 'record' => $tenant]),
false,
);
$connection = ProviderConnection::query()
->where('tenant_id', (int) $tenant->getKey())
->where('provider', 'microsoft')
->where('entra_tenant_id', $tenant->graphTenantId())
->first();
expect($connection)->not->toBeNull()
->and($connection?->is_enabled)->toBeTrue()
->and($connection?->consent_status?->value ?? $connection?->consent_status)->toBe('granted')
->and($connection?->verification_status?->value ?? $connection?->verification_status)->toBe('unknown')
->and($connection?->last_error_reason_code)->toBeNull();
$this->assertDatabaseHas('audit_logs', [
'tenant_id' => $tenant->id,
'action' => 'tenant.consent.callback',
'status' => 'success',
]);
});
it('links back to onboarding when tenant is onboarding', function () {
$tenant = Tenant::factory()->create([
'tenant_id' => 'tenant-3',
'name' => 'Onboarding Tenant',
'status' => Tenant::STATUS_ONBOARDING,
]);
$response = $this->get(route('admin.consent.callback', [
'tenant' => $tenant->tenant_id,
'admin_consent' => 'true',
]));
$response->assertOk();
$response->assertSee(route('admin.onboarding'), false);
});
it('creates tenant and provider connection when callback tenant does not exist', function () {
$workspace = Workspace::factory()->create();
$response = $this->withSession([
'tenant_onboard_workspace_id' => (int) $workspace->getKey(),
'tenant_onboard_state' => 'state-456',
])->get(route('admin.consent.callback', [
'tenant' => 'new-tenant',
'state' => 'state-456',
]));
$response->assertOk();
$tenant = Tenant::where('tenant_id', 'new-tenant')->first();
expect($tenant)->not->toBeNull();
$connection = ProviderConnection::query()
->where('tenant_id', (int) $tenant->id)
->where('provider', 'microsoft')
->where('entra_tenant_id', $tenant->graphTenantId())
->first();
expect($connection)->not->toBeNull()
->and($connection?->is_enabled)->toBeTrue()
->and($connection?->consent_status?->value ?? $connection?->consent_status)->toBe('required')
->and($connection?->verification_status?->value ?? $connection?->verification_status)->toBe('unknown')
->and($connection?->last_error_reason_code)->toBe(ProviderReasonCodes::ProviderConsentMissing);
});
it('records consent callback errors on provider connection canonical state', function () {
$tenant = Tenant::factory()->create([
'tenant_id' => 'tenant-2',
'name' => 'Fabrikam',
]);
$response = $this->get(route('admin.consent.callback', [
'tenant' => $tenant->tenant_id,
'error' => 'access_denied',
]));
$response->assertOk();
$connection = ProviderConnection::query()
->where('tenant_id', (int) $tenant->getKey())
->where('provider', 'microsoft')
->where('entra_tenant_id', $tenant->graphTenantId())
->first();
expect($connection)->not->toBeNull()
->and($connection?->is_enabled)->toBeTrue()
->and($connection?->consent_status?->value ?? $connection?->consent_status)->toBe('failed')
->and($connection?->verification_status?->value ?? $connection?->verification_status)->toBe('unknown')
->and($connection?->last_error_reason_code)->toBe(ProviderReasonCodes::ProviderAuthFailed)
->and($connection?->last_error_message)->toBe('access_denied');
$this->assertDatabaseHas('audit_logs', [
'tenant_id' => $tenant->id,
'action' => 'tenant.consent.callback',
'status' => 'failed',
]);
});
Reference in New Issue View Git Blame Copy Permalink